Skip to main content
Legal

Privacy Policy

We take your privacy seriously. Here's exactly what data we collect, how we use it, and the rights you have over your information.

Last updated: May 6, 2025GDPR & CCPA compliant
We never sell your data.
GDPR ReadyCCPA CompliantTLS EncryptedPCI-DSS Payments

1. Overview

Resumflow ("we," "our," "us") is committed to protecting your privacy. This Privacy Policy explains what information we collect when you use resumflow.com, how we use it, and the rights you have over your data. This policy applies to all users of our website, resume builder application, and related services (collectively, the "Service").

2. Information We Collect

We collect the following categories of information:

Account & Identity Information

  • Name, email address, and password (hashed) when you register
  • Profile picture and OAuth token if you sign in via Google
  • Billing name and address for payment processing (not card numbers — handled by Stripe/Razorpay)

Resume Content

  • All text you enter into your resumes (work history, skills, contact details, etc.)
  • Uploaded profile photos attached to resumes
  • Resume version history saved on your behalf

Usage & Technical Data

  • IP address, browser type, operating system, and device identifiers
  • Pages visited, features used, and time spent on the Service
  • Referral URLs and search query parameters
  • Error logs and performance metrics for debugging

Payment Information

  • Transaction records (plan purchased, amount, date, status)
  • Card details are never stored on our servers — all payment processing is handled by Stripe and Razorpay, who are PCI-DSS compliant

Communications

  • Messages you send to our support team
  • Survey responses, feedback submissions, and feature requests

3. How We Use Your Information

We use the information we collect to:

  • Create and manage your account and authenticate your identity
  • Provide, operate, and improve the resume builder and all related features
  • Process payments and manage your subscription or one-time purchases
  • Send transactional emails (account confirmation, payment receipts, password resets)
  • Send product updates and marketing communications (you may opt out at any time)
  • Analyze usage patterns to improve the user experience and develop new features
  • Detect, prevent, and respond to fraud, abuse, and security incidents
  • Comply with our legal obligations under applicable laws

We rely on the following legal bases for processing your data (where GDPR applies):

  • Contractual necessity — to provide the Service you signed up for
  • Legitimate interests — to improve the Service, prevent fraud, and communicate with you
  • Consent — for marketing emails and optional analytics cookies
  • Legal obligation — to comply with tax, financial, and regulatory requirements

4. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties. We may share data in the following limited circumstances:

  • Service Providers: Trusted third-party vendors who process data on our behalf (e.g., Stripe/Razorpay for payments, Neon/Vercel for infrastructure, Google Analytics for usage analytics, Resend for email delivery). These providers are contractually bound to handle data securely and only for the purposes we specify.
  • Legal Requirements: If required by law, court order, or government authority, we may disclose information to comply with legal obligations.
  • Business Transfers: In the event of a merger, acquisition, or sale of all or part of our business, your data may be transferred as part of that transaction. You will be notified via email before your data becomes subject to a different privacy policy.
  • Safety: To protect the rights, property, or safety of Resumflow, our users, or the public.

5. Cookies & Tracking Technologies

We use cookies and similar technologies (local storage, session tokens) to operate and improve the Service. Types of cookies we use:

  • Strictly Necessary Cookies: Required for authentication, session management, and security. Cannot be disabled without breaking the Service.
  • Functional Cookies: Remember your preferences (e.g., dark mode setting, last-used template, editor layout).
  • Analytics Cookies: Google Analytics (anonymized) helps us understand how users navigate the site. You may opt out via the Google Analytics Opt-Out browser extension or by declining analytics cookies.
  • Marketing Cookies: Used only with your explicit consent. You can withdraw consent at any time by updating your cookie preferences.

Most browsers allow you to refuse or delete cookies. Doing so may impact your ability to use certain features of the Service.

6. Data Retention

We retain your data for as long as necessary to provide the Service and comply with legal obligations:

  • Active accounts: Data retained for the duration of your account plus 30 days after deletion request
  • Payment records: Retained for 7 years for tax and accounting compliance
  • Resume content: Deleted within 30 days of account deletion (except where legally required)
  • Analytics data: Aggregated and anonymized data may be retained indefinitely
  • Support communications: Retained for 2 years for quality assurance

You may request deletion of your account and personal data at any time by emailing support@resumflow.com. We will process deletion requests within 30 days, subject to legal retention requirements.

7. GDPR & Your Privacy Rights

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data
  • Right to Restrict Processing: Request that we limit how we use your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests or for direct marketing
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at support@resumflow.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

8. California Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights:

  • The right to know what personal information we collect, use, share, or sell
  • The right to delete personal information we have collected from you
  • The right to opt-out of the sale of personal information (we do not sell your data)
  • The right to non-discrimination for exercising your privacy rights

To submit a CCPA request, email us at support@resumflow.com with the subject line "CCPA Request."

9. Data Security

We implement industry-standard security measures to protect your personal data:

  • All data transmitted between your browser and our servers is encrypted via TLS/HTTPS
  • Passwords are hashed using bcrypt — we never store plaintext passwords
  • Database access is restricted to authorized services with least-privilege permissions
  • Regular security audits and dependency vulnerability scanning
  • Payment data is processed exclusively by PCI-DSS compliant providers (Stripe, Razorpay)
  • Two-factor authentication (2FA) available for accounts

While we employ these measures, no method of transmission over the internet or electronic storage is 100% secure. In the event of a data breach affecting your rights and freedoms, we will notify you within 72 hours of becoming aware of it, as required by GDPR.

10. Children's Privacy

The Service is not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have inadvertently collected such information, we will take immediate steps to delete it. If you believe we have collected information from a child, please contact us at support@resumflow.com.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States and the European Union, where our servers and service providers are located. We ensure such transfers comply with applicable data protection laws, including through the use of Standard Contractual Clauses (SCCs) approved by the European Commission where applicable.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice on the Service at least 14 days before they take effect. The "Last Updated" date at the top reflects the most recent revision. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

13. Contact Us

For any privacy-related questions, requests, or concerns, please reach out to us:

  • Email (Privacy): support@resumflow.com
  • Subject line: "Privacy Request — [Your Request Type]"
  • Response time: Within 30 days for GDPR/CCPA requests, 2 business days for general inquiries
  • Website: resumflow.com

Questions about your privacy or data rights?

Contact our privacy team
Terms & ConditionsRefund Policy